Chip Burrus is the Vice President for Corporate Security for Penske. Previously, he worked as an FBI agent for 25 years and retired as the Bureau’s assistant director. Mr. Burrus sat down with the Cipher Brief to discuss the challenges of working as a Chief Security Officer.
The Cipher Brief: What would you say, from a security perspective, is your number one challenge?
Chip Burrus: For us it’s workplace violence. That’s everything from two people threatening each other to customers who might be angry because we didn’t fix their car correctly and bring a weapon into the dealership.
In 2010 a former employee shot and killed four of our associates in Georgia. It really transformed our company and now the rest of us take workplace violence very seriously, so anything that comes up is routed through corporate security. Even if it’s just two guys swearing at each other, we do a background to see if there is anything going on their life that we need to look at in order to make sure that we don’t have another incident. That’s a big focus for us.
The other thing, because we are a transportation company, is terrorism. We do an awful lot to train our employees and to make our associates aware of any of the threats that are coming up or any of the anniversary days. We try to get our folks to say, “Hey, is there an issue? Is there something in the back that maybe draws your attention? Is a car or a truck being returned with anything in it?” By and large our people are pretty good about sorting a lot of that stuff out.
So, workplace violence and terrorism, and there’s the normal, financial, ethical, things that plague any company. When you’ve got 42,000 employees, some percentage of them are engaged in some level of activity that would lead to disrepute for the organization. So we try to sort those out and make sure we don’t have a problem there.
TCB: Your company has a huge inventory of physical assets. How have you approached the cyber problem?
CB: That’s a great question. We obviously employ a suite of protection for all of our companies. For us, on the physical security side, that’s been a real sea change since I first started. It was basically fences and locks and bars, but the technology has changed so much – I have to go to shows each year just to keep up.
In several of our locations we just changed our camera systems. These camera systems are now so advanced that the analytics within the camera can detect whether or not it’s a person, a bag or a cat running across our lot. So from a physical security side, that’s been a big change for us as well. We’re always concerned about security, we do everything we can to protect our customers’ data and our customers’ assets and so forth. Whatever we need to put in place, we generally do.
TCB: What do you think are some best practices that you’ve learned in your role as a CSO?
CB: Have a really good team and work with really good colleagues. That’s key. Good relationships with managers. You have to have a lot of buy-in. I mean, I can’t sell cars, I can’t rent trucks, but you work together with these guys and they can do incredible things. They listen to me, and they don’t know what I know and I don’t know what they know, so we have to be collaborative. I guess that’s true in every industry, but it’s really true in ours.
If you have a lot of physical inventory, like we do, you’ve really got to stay on top of the technology because it changes so often. Much more than anything else, you have to be mindful of how you use your time during the day and not be overrun by vendors.
TCB: One final question about public-private cooperation. How can the government and industry work better together in terms of security?
CB: Before I left the FBI, I was the chairman of the DSAC, which is the Domestic Security Alliance Council. That’s the FBI’s counterpart to OSAC (the Overseas Security Advisory Council). I really like the OSAC model. It’s going to take some time to get that into place, to have the FBI have analysts that you can call up in order to share information. That’s a great model for a public-private partnership.